Lucene search
K
SecurityvulnsRecent

47153 matches found

securityvulns
securityvulns
added 2011/03/25 12:0 a.m.52 views

HTB22897: SQL injection vulnerability in Ripe website manager

Vulnerability ID: HTB22897 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinripewebsitemanager.html Product: Ripe website manager Vendor: Ripe website manager Team http://www.ripewebsitemanager.com/ Vulnerable Version: 1.1 and probably prior versions Vendor Notification: 10...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.49 views

HTB22896: SQL injection vulnerability in Ripe website manager

Vulnerability ID: HTB22896 Reference: http://www.htbridge.ch/advisory/blindsqlinjectionvulnerabilityinripewebsitemanager.html Product: Ripe website manager Vendor: Ripe website manager Team http://www.ripewebsitemanager.com/ Vulnerable Version: 1.1 and probably prior versions Vendor Notification:...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.61 views

HTB22898: XSRF (CSRF) in Ripe website manager

Vulnerability ID: HTB22898 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinripewebsitemanager.html Product: Ripe website manager Vendor: Ripe website manager Team http://www.ripewebsitemanager.com/ Vulnerable Version: 1.1 and probably prior versions Vendor Notification: 10 March 2011...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.34 views

HTB22901: SQL injection in SyndeoCMS

Vulnerability ID: HTB22901 Reference: http://www.htbridge.ch/advisory/sqlinjectioninsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerability Type: SQL injection Risk level: High Credit...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.28 views

AST-2011-004:

Product Asterisk Summary Remote crash vulnerability in TCP/TLS server Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Critical Exploits Known No Reported On March 1, 2011 Reported By Blake Cornell [email protected] and Chris Maj [email protected]...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.40 views

Cisco IPSec information leak

It's possible to check groupname existance...

1.3AI score
Exploits0References1Affected Software3
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.40 views

PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability

PHP-Nuke 8.x = Cross Site Request Forgery CSRF / Anti-CSRF Bypass Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower versions are vulnerable to Cross Site Request Forgery CSRF because its Anti-CSRF mechanism Referer Check is found to be broken. 2. BACKGROUND PHP-Nuke is a Web Portal...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.36 views

libvirt protection bypass

No description provided...

6.9CVSS1.6AI score0.01532EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.35 views

TeX (tex-common) shell characters vulnerability

No description provided...

6.8CVSS2.6AI score0.04061EPSS
Exploits0References1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.31 views

NGS00016 Technical Advisory: Immunity Debugger Buffer Overflow

======= Summary ======= Name: Immunity Debugger Buffer Overflow Release Date: 22 March 2011 Reference: NGS00016 Discoverer: Paul Harrington Vendor: Immunity Inc Vendor Reference: Support 3171 Systems Affected: Windows Risk: Low Status: Fixed ======== TimeLine ======== Discovered: 28 October 2010...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.65 views

iDefense Security Advisory 03.21.11: Apple OfficeImport Framework Excel Memory Corruption Vulnerability

iDefense Security Advisory 03.21.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 21, 2011 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office file...

6.8CVSS0.02929EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.260 views

NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability

NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 1111111 1 111 111001 111111111 0 10 1111 0 11 11 111111111 1 1101 10...

6.8CVSS6.7AI score0.02937EPSS
Exploits3
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.37 views

Buffer overflow in libtiff in Imagemagick

--Credits: zgmzgmatmail.ustc.edu.cn -- Disclosure Timeline: 3-17-2011 -- Affected Vendor: Imagemagick 6.6.8-5 Libtiff 6.9.4 -- Problem Description: A buffer overflow is triggered by displaying a malformed tiff image by the Imagemagick.The error information is followed: display: malformed.tif: Wro...

1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.33 views

NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration

======= Summary ======= Name: Cisco IPSec VPN Implementation Group Name Enumeration Release Date: 22 March 2011 Reference: NGS00014 Discoverer: Gavin Jones Vendor: Cisco Vendor Reference: CSCei51783, CSCtj96108 Systems Affected: ASA 5500 Series Adaptive Security Appliances -Cisco PIX 500 Series...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.49 views

[SECURITY] [DSA 2194-1] libvirt security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2194-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 18, 2011 http://www.debian.org/security/faq -...

6.9CVSS2AI score0.01532EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.72 views

ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability

ZDI-11-107: Libtiff ThunderCode Decoder THUNDER2BITDELTAS Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-107 March 21, 2011 -- CVE ID: CVE-2011-1167 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Libtiff -- Affected Products: Libtiff libtiff --...

6.8CVSS0.8AI score0.06233EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.38 views

libtiff buffer overflow

Buffer overflow in ThunderCode codec, stack overflow...

6.8CVSS4AI score0.06233EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.29 views

HP Client Automation code execution

Code execution with radexecd.exe TCP/3465...

10CVSS2AI score0.13442EPSS
Exploits0References2
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.54 views

Advantech BroadWin WebAccess multiple security vulnerabilities

Code execution, information leak from TCP/4592 RPC-based service...

2.9AI score
Exploits0References1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.32 views

IGSS ODBC Server uninitialized pointer free()

Multiple uninitialized pointer dereference conditions...

2.8AI score
Exploits0References1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.25 views

Asterisk DoS

Connection flood leads to resources exhaustion...

2.5AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.53 views

Joomla! 1.6.0 | Information Disclosure/Full Path Disclosure Vulnerability

Joomla! 1.6.0 | Information Disclosure/Full Path Disclosure Vulnerability 1. OVERVIEW Joomla! 1.6.0 is vulnerable to Full Path Disclosure. 2. BACKGROUND Joomla is a free and open source content management system CMS for publishing content on the World Wide Web and intranets. It comprises a...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.66 views

PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability

PHP-Nuke 8.x = Blind SQL Injection Vulnerability 1. OVERVIEW The administration backend of PHP-Nuke 8.x is vulnerable to Blind SQL Injection. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.37 views

CMS Balitbang 3.3 Arbitary File Upload Vulnerability

=================================================================== CMS Balitbang v.3.3 Arbitary file upload vulnerability =================================================================== Software: CMS Balitbang Vendor: www.kajianwebsite.org Vuln Type: Arbitary file upload Download link:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.51 views

PHP-Nuke 8.x <= Cross Site Scripting Vulnerability

PHP-Nuke 8.x = Cross Site Scripting Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower are vulnerable to Cross Site Scrtipting. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articl...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.25 views

libcgroup security vulnerabilities

Buffer overflow, privilege escalation...

7.2CVSS4.3AI score0.00419EPSS
Exploits0References1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.24 views

Heap overflow in RealPlayer 14.0.1.633

Luigi Auriemma Application: RealPlayer http://www.real.com Versions: = 14.0.1.633 Platforms: Windows, Macintosh OSX, Linux, Symbian, Palm Bug: heap overflow Exploitation: remote Date: 21 Mar 2011 found 17 Feb 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction ...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.25 views

AST-2011-003:

Product Asterisk Summary Resource exhaustion in Asterisk Manager Interface Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions if manager interface is accessible Severity Moderate Exploits Known No Reported On March 1, 2011 Reported By Blake Cornell...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.44 views

PHP-Nuke 8.x <= Cross Site Scripting Vulnerability

PHP-Nuke 8.x = Cross Site Scripting Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower are vulnerable to Cross Site Scrtipting. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articl...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.97 views

ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability

ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-106 March 18, 2011 -- CVE ID: CVE-2010-4228 -- CVSS: 9, AV:N/AC:L/Au:S/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell Netware -- TippingPointTM I...

9CVSS1.1AI score0.14658EPSS
Exploits2
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.78 views

[PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel

PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2011-02 Released on: 16 Mar 2011 Last updated on: 16 Mar 2011 Affected product: Linux Kernel 2.4 and 2.6 Impact: disclosure of sensitive information Origin: storage devices Credit: Timo Warns PRESENSE Technologies GmbH CVE...

2.1CVSS8.2AI score0.00414EPSS
Exploits2
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.26 views

IBM Lotus Domino Server Controller unauthorized access

User-supplied network file is used for stored user's credentials during TCP/2050 service authentication...

3.7AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.48 views

[SECURITY] [DSA 2193-1] libcgroup security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2193-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 16, 2011 http://www.debian.org/security/faq -...

7.2CVSS1.1AI score0.00419EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.57 views

Linux kernel multiple security vulnerabilities

Privilege escalation, multiple information leaks...

4.9CVSS2.5AI score0.0104EPSS
Exploits12References2Affected Software1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.62 views

ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability

ZDI-11-109: Pwn2Own Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-109 March 22, 2011 -- CVE ID: CVE-2011-1417 -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P -- Affected Vendors: Apple -- Affected Products: Apple Safari --...

6.8CVSS0.4AI score0.05472EPSS
Exploits3
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.24 views

HP Discovery & Dependency Mapping Inventory information leak

public community has SNMP read access by default...

5CVSS1.2AI score0.02538EPSS
Exploits0References1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.28 views

XSS, AoF и IAA уязвимости в MC Content Manager

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в системе MC Content Manager. Это украинская коммерческая CMS. XSS WASC-08: Уязвимости на страницах регистрации и восстановления пароля. http://websecurity.com.ua/uploads/2011/MC20Content20Manager20XSS.html...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.20 views

RealPlayer buffer overflow

Buffer overflow on IVR files parsing...

4.8AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.98 views

SCADA Trojans: Attacking the Grid + Advantech vulnerabilities

Hi! You can download the slides of the research I was presenting at RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey into attacking the power grid. I presented: - 0days in Advantech/BroadWin WebAccess SCADA product - Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs -...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.55 views

ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability

ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-105 March 18, 2011 -- CVE ID: CVE-2011-0889 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...

10CVSS1.5AI score0.13442EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.57 views

[SECURITY] [DSA 2198-1] tex-common security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2198-1 [email protected] http://www.debian.org/security/ Nico Golde March 22, 2011 http://www.debian.org/security/faq -...

6.8CVSS0.5AI score0.04061EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.139 views

XSS in Oracle default fcgi-bin/echo

Long ago, I wrote about an XSS vulnerability in Oracle fcgi-bin/echo : http://lists.grok.org.uk/pipermail/full-disclosure/2010-October/076794.html http://www.securityfocus.com/archive/1/514181 The issue may now be fixed in the latest versions of Oracle web servers:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.72 views

[USN-1089-1] Linux kernel vulnerabilities

=========================================================== Ubuntu Security Notice USN-1089-1 March 18, 2011 linux, linux-ec2 vulnerabilities CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4175, CVE-2010-4242...

4.9CVSS0.0104EPSS
Exploits11
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.27 views

Progea Movicon TCPUploadServer unauthorized access

It's possible to upload and execute file to arbitrary location...

4.4AI score
Exploits0References1
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.24 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.6AI score
Exploits0References8Affected Software3
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.46 views

[security bulletin] HPSBMA02647 SSRT100383 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Insecure SNMP Configuration

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02757867 Version: 1 HPSBMA02647 SSRT100383 rev.1 - HP Discovery & Dependency Mapping Inventory DDMI Running on Windows, Insecure SNMP Configuration NOTICE: The information in this Security Bullet...

5CVSS0.1AI score0.02538EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.76 views

IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS

!/usr/bin/python igss.py IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS Jeremy Brown / jbrown at patchtuesday dot org Mar 2011 There are multiple remote uninitialized pointer free conditions in IGSS's ODBC server. By sending a specially crafted packet to listening port 20222, i...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.57 views

ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability

ZDI-11-110: 0day IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-110 March 22, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM -- Affected Products: IBM Lotus Domino --...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.60 views

Apple HFS+ Information Disclosure Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Apple HFS+ Information Disclosure Vulnerability Release Date: 2011-03-22 Application: Apple OS X kernel XN...

2.1CVSS6.1AI score0.00682EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.67 views

ZDI-11-108: Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability

ZDI-11-108: Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-108 March 22, 2011 -- CVE ID: CVE-2011-0176 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Apple -- Affected Products: Apple Preview --...

6.8CVSS0.4AI score0.0284EPSS
Exploits0
Total number of security vulnerabilities47153